Download

Highest False Positives Last Month

  1. Documentation
  2. Statistics
  3. Highest False Positives Last Month

These were the alerts most frequently flagged as false positives using Alert Filters last month.

Note that this does not necessarily mean they are false positives, it could mean that the people using ZAP are not interested in these specific vulnerabilities.

Position Alert Status Rule Type
1 Information Disclosure - Suspicious Comments release Passive
2 Session ID in URL Rewrite release Passive
3 Cross-Domain Misconfiguration release Passive
4 X-Content-Type-Options Header Missing release Passive
5 Content Security Policy (CSP) Header Not Set release Passive
6 SQL Injection release Active
7 Strict-Transport-Security Header release Passive
8 Retrieved from Cache release Passive
9 Re-examine Cache-control Directives release Passive
10 Cross-Domain JavaScript Source File Inclusion release Passive
11 CSP release Passive
12 HTTP Server Response Header release Passive
13 Loosely Scoped Cookie release Passive
14 User Agent Fuzzer release Active
15 Cookie without SameSite Attribute release Passive
16 Session Management Response Identified beta Passive
17 Anti-clickjacking Header release Passive
18 Timestamp Disclosure - Unix release Passive
19 User Controllable HTML Element Attribute (Potential XSS) release Passive
20 Modern Web Application release Passive